Senior Associate - Defense Microsoft Sentinel Engineer
About The Position
We are the leading provider of professional services to the middle market globally, our purpose is to instill confidence in a world of change, empowering our clients and people to realize their full potential. Our exceptional people are the key to our unrivaled, culture and talent experience and our ability to be compelling to our clients. You'll find an environment that inspires and empowers you to thrive both personally and professionally. There's no one like you and that's why there's nowhere like RSM. The Defense Microsoft Sentinel Engineer will deploy, configure, and optimize Microsoft Sentinel to monitor, detect, and respond to security threats. This role involves designing SIEM workflows, developing custom analytics rules, and integrating log sources from cloud and on-premises environments. The engineer will automate incident response processes, conduct threat hunting, and ensure compliance with security best practices. Collaboration with SOC analysts, IT teams, and stakeholders is critical to enhancing organizational security posture and mitigating risks for this role.
Requirements
- Bachelor's degree in Computer Science, Cybersecurity, or related field (or equivalent experience).
- 2+ years of hands-on experience with Microsoft Sentinel, including log ingestion and KQL query development.
- Proficiency in scripting languages (PowerShell, Python) for automation and custom tooling.
- Knowledge of Azure security services (e.g., Azure AD, Log Analytics, Defender).
- Understanding of SIEM/SOC operations, threat landscapes, and MITRE ATT&CK framework.
- Strong analytical and problem-solving skills for incident investigation
Nice To Haves
- Certifications: Microsoft Certified: Azure Security Engineer Associate, CISSP, or GIAC certifications.
- 3+ years of SIEM experience, including advanced Sentinel use cases like UEBA or SOAR integration.
- Expertise in Azure infrastructure (e.g., ARM templates, RBAC, Azure Policy).
- Experience with threat intelligence platforms and hybrid cloud architectures.
- Familiarity with compliance standards (CMMC,NIST, ISO 27001) and regulatory requirements
Responsibilities
- SIEM Implementation: Configure Microsoft Sentinel workspaces, data connectors, and log analytics.
- Threat Detection: Develop custom KQL queries, analytics rules, and workbooks to identify security incidents.
- Incident Response: Investigate, triage, and remediate security events while documenting root causes.
- Automation: Build playbooks using Azure Logic Apps or PowerShell/Python scripts to streamline workflows.
- Log Integration: Ingest and normalize logs from Azure services, firewalls, endpoints, and third-party tools.
- Threat Hunting: Proactively identify vulnerabilities and adversarial tactics using advanced queries.
- Collaboration: Partner with SOC, network, and infrastructure teams to refine security strategies.
- Documentation: Maintain runbooks, incident reports, and configuration guidelines.
Benefits
- We offer flexibility in your schedule, empowering you to balance life's demands, while also maintaining your ability to serve clients.
- Individuals selected for this role will be eligible for a discretionary bonus based on firm and individual performance.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
Industry
Professional, Scientific, and Technical Services
Number of Employees
5,001-10,000 employees
